For those of you who know me, Henry was my basset hound, and the fictitious name used during (ahem) special research. I'm a former intelligence officer, a professional analyst, and a blogger since 2004 writing about my experiences on the journey --information security, cyber intelligence, education, thoughts. Some love my writings others hate it. If you like it, follow me!

Saturday, November 12, 2016

First, let me say how happy I am that nobody resorted to cyber bombing during the elections. And although there was a short period during the morning after, where Anonymous put out the word, the results were peaceful physical protests rather than cyber. For that, I'm happy to say that my blog from last week entitled "Mutually Assured Cyber Destruction?" Didn't, in fact, come true.BTA couple of years ago a friend came back from Afghanistan. He was an intel officer charged with identifying those folks building bombs that, maybe we should pay a visit to.His big data output pushed roughly 800 targets to him every day, yet he could only visit a half dozen or so. So what'd he do? He sat up all night and picked a half dozen high probability targets for the next day. He was the guy who wrote the 'finished intelligence' from the big data picture that kept coming in from the aggregation and analysis shops supplying him with targeting information.This became the norm and eventually, he came home.Yesterday I sat with a small bank CISO and his deputy. I told them that in one of our past projects we'd pushed intel products to various organizations preparing in support of the National Conventions. I even gave them one of the 60 or so short, tactical intelligence products that we pushed to folks involved in the setup. This one report talked about an assassination attempt on Trump that never seemed to make into the main stream news, but did make it into smaller outlets.When I passed it off to the banker, he asked How'd you find this stuff? My answer? We read! And then we push it out in just about any form needed to get it into our customers inboxes.In three weeks we'd pushed roughly 75 intel products with a bunch great stuff on the activities in Cleveland, then the Rio Olympics. Cyber intelligence was once the domain of larger companies who could actually do, understand, and act on intelligence; today however, smaller companies are asking the same questions. But as they learn, many, like the larger companies we've worked with for so many years, really have no idea how to get it, what's good and what isn't, how do deal with the overwhelming amount of data, and rarely do they have an understanding of when they actually do get good stuff, what to do with it. Even worse, the idea that they can even recognize the finished intelligence from the aggregated data is a question that often gets answered in the negative.So I asked my new small bank CISO friend how he ingests all of the stuff that they get from their intel feeds, the list, etc. His answer? "We don't. There's to much data and we really don't have time to figure out what's important and what's not." Yikes. He relies on an MSSP and then uses sensors internally connected to a commercial SMB SIM; but if it's not getting pushed into the SIM by someone else, he reads what he can but the finished intel has no nowhere to go except the cutting room floor. Yikes. We wanted to find a way to help. So let's try this...Wapack Labs collects nearly half a million victims every week including those hit with key loggers, botnets, and various APT and non-APT activities. When we detect them, we do victim notifications --at no charge; we shoot the victim automated alert form from our API. At the same time, we've hired some new strategic people to assist in pushing the message out to those who need it, but may not yet be able to consume and act on it:I'm happy to say, we hired Michael Tanji as the new Managing Director of a new Wapack Labs Partnership Exchange Program. The idea is simply this... when we see a smaller company in trouble, we let them know... generally through a partner who can help. We don't charge for the service, rather generate revenue through partnership building. Mike has been in the intel space for over 20 years. I've known him since we were in uniform, and I'm certain he's the right guy for building partnerships. We don't want to be in the break fix business, but if we can enable others while helping those who need help; well, we see that as a win-win. We hired Patrick Maroneyto build new analytic tools and data analysis processes. Pat is the former Executive Director of the Defense Security Information Exchange (DSIE), the Chief Architect for CyberIQ, and before that a Director in Information Security at L3. He's a long time evangelist and thought leader in the development and practical application of International Standards for Cyber Threat Intelligence Data Representation Models, Inter-Exchange, and the community development of tools, frameworks, and operational Reference Implementations, and has come to Wapack Labs as a Principal Engineer in charge of 'enabled analytics' --building analysis tools for analysts. And last, but certainly not least, as we grow, it's more important than ever to make sure we add quality cyber analysts to the team. One of those is a young woman who worked in my team at the Office of Naval Intelligence --shortly after my time, but will with the team. Liz Shirley is coming onboard to take on the role of Fusion Director for the intelligence team. Liz's has got a great background including having worked as a senior intelligence analyst Gestalt, iSight Partners, the FBI's National Cyber Investigative Joint Task Force (NCIJTF), Pacific Northwest National Labs, and Office of Naval Intelligence She's going to make a great addition to our team and help lead and shape younger analysts.We're growing, we're adding new offerings, and we're excited! The last few weeks have been busy for us, and as we head into the end of the year, I'm making one more trip to the BWI/DC area --with our new marketing manager in tow, meeting with customers, Red Sky members, and prospects one last time before we head into Thanksgiving. If you'd like to grab some time in person while I'm in town, drop me a note. If you'd like to schedule some virtual time to find out more about what we do and how we do it, we'd be happy to show you... and for the remainder of the year as we put on the full court press before the holidays, we're offering two months in Red Sky Alliance before you're billed for your first year. Simply sign up and finish membership paperwork by the end of the year and you'll receive your first two months on us!OK folks.. it's going to be a long day on the tractor for the last lawn mowing of the season before the deck comes off and the bucket loader goes on.. I've got work to do before travel.So, until next time,Have a great weekend!Jeff

"U.S. military hackers have penetrated Russia's electric grid, telecommunications networks and the Kremlin's command systems, making them vulnerable to attack by secret American cyber weapons should the U.S. deem it necessary, according to a senior intelligence official and top-secret documents reviewed by NBC News.

American officials have long said publicly that Russia, China and other nations have probed and left hidden malware on parts of U.S critical infrastructure, "preparing the battlefield," in military parlance, for cyber attacks that could turn out the lights or turn off the internet across major cities."

I had a boss once who used to tell me "There are no unintentional leaks in Washington." so I'm guessing this is a question of mutually assured destruction in cyberspace, but does it really have to be telegraphed?